detect/analyzer: Improved fast pattern display

When transforms are part of a rule, improve information displayed with fast patterns to include the original buffer name and whether any transform(s) are applied.
5 years ago · 8f4f1cb633
parent c88c1f1e14
commit 8f4f1cb633
1 changed files with 9 additions and 1 deletions
--- a/src/detect-engine-analyzer.c
+++ b/src/detect-engine-analyzer.c
@ -526,10 +526,18 @@ static void EngineAnalysisRulesPrintFP(const DetectEngineCtx *de_ctx, const Sign
        const char *name = DetectBufferTypeGetNameById(de_ctx, list_type);
        if (desc && name) {
            fprintf(rule_engine_analysis_FD, "%s (%s)", desc, name);
+        } else if (desc || name) {
+            fprintf(rule_engine_analysis_FD, "%s", desc ? desc : name);
        }
+
    }

-    fprintf(rule_engine_analysis_FD, "\" buffer.\n");
+    fprintf(rule_engine_analysis_FD, "\" ");
+    if (de_ctx->buffer_type_map[list_type] && de_ctx->buffer_type_map[list_type]->transforms.cnt) {
+        fprintf(rule_engine_analysis_FD, "(with %d transform(s)) ",
+                de_ctx->buffer_type_map[list_type]->transforms.cnt);
+    }
+    fprintf(rule_engine_analysis_FD, "buffer.\n");

    return;
 }